Thursday, August 8, 2013

In this tutorial we will perform a MITM attack.
To perform a Man-in-the-Middle (MITM) attack, we will create a fake access point on our laptop and monitor the traffic of victim users connected to our laptop. We forward the traffic of victim users to the servers, so they will still be able to access resources on the network. Since all their access passes through our laptop, we will be able to see all their communications.

Wednesday, July 24, 2013

This tutorial explains the steps to configure Snort on a Windows XP machine and how to use it for detection of attacks.

Steps:
1. Download Snort from the "http://www.snort.org/" website.
2. Also download the Rules from the same website. You need to sign up to get the rules for registered users.
3. Click on the Snort_(version-number)_Installer.exe file to install it. By default it will install Snort in the "C:\Snort" directory.
4. Extract the downloaded Rules file: snortrules-snapshot-(number).tar.gz
5. Copy all files from the "rules" directory of the extracted folder and paste them into the "C:\Snort\rules" directory.
6. Copy the "snort.conf" file from the "etc" directory of the extracted folder and paste it into the "C:\Snort\etc" directory. Overwrite the existing file if there is one.

8. To execute Snort in sniffer mode use the following command:
snort -dev -i 2
-i indicates the interface number. -dev is used to run Snort to capture packets.

To check the interface list use the following command:
snort -W

9. To execute Snort in IDS mode, we need to configure the file "snort.conf" according to our network environment.

10. Set up the network address we want to protect in the snort.conf file. To do that look for "HOME_NET" and add your IP address:
var HOME_NET 10.1.1.17/8

11. You can also set addresses for DNS_SERVERS, if you have any; otherwise go to the next step.

12. Change the RULE_PATH variable to the path of the rules directory:
var RULE_PATH c:\snort\rules

13. Change the path of all libraries to the name and path on your system, i.e. change the path in each dynamicpreprocessor line, for example:
dynamicpreprocessor file C:\Snort\lib\snort_dynamicpreprocessor\sf_dcerpc.dll
You need to do this for all library files in the "C:\Snort\lib" directory. The old path might be something like "/usr/local/lib/..."; you need to replace that path with your system path.

14. Change the value of the "dynamicengine" variable in the "snort.conf" file to the path on your system, such as:
dynamicengine C:\Snort\lib\snort_dynamicengine\sf_engine.dll

15. Add the complete path for the "include classification.config" and "include reference.config" lines:
include c:\snort\etc\classification.config
include c:\snort\etc\reference.config

16. Remove the comment on the line that enables the ICMP rules, if it is already commented:
include $RULE_PATH/icmp.rules

17. Similarly, remove the comment on the ICMP-info rules line, if it is already commented:
include $RULE_PATH/icmp-info.rules

18. To add a log file to store the alerts generated by Snort, search for the "output log" text and add the following line:
output alert_fast: snort-alerts.ids

19. Comment out the "whitelist $WHITE_LIST_PATH/white_list.rules" and "blacklist $BLACK_LIST_PATH/black_list.rules" lines. Also make sure you change the line just above $WHITE_LIST_PATH so that its trailing line continuation is commented out:
Change "nested_ip inner , \" to "nested_ip inner #, \"

20. Comment out the following lines:
#preprocessor normalize_ip4
#preprocessor normalize_tcp: ips ecn stream
#preprocessor normalize_icmp4
#preprocessor normalize_ip6
#preprocessor normalize_icmp6
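Once Snort runs in IDS mode, the "snort-alerts.ids" file from step 18 fills up in alert_fast format, one alert per line. The script below is an added example (not from the original post) that parses that format and summarises which signatures and source addresses fire most; the sample lines are constructed, and the rule IDs and addresses in them are illustrative.

```python
"""Summarise a Snort alert_fast log (the snort-alerts.ids file from step 18).

Added example, not from the original post. SAMPLE_ALERTS is constructed in
Snort's alert_fast format; rule IDs and addresses are illustrative.
"""
import re
from collections import Counter

# alert_fast line: timestamp [**] [gid:sid:rev] msg [**] [Classification: ..] [Priority: n] {proto} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s*(?P<cls>[^\]]*)\])?"
    r"\s+\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)

SAMPLE_ALERTS = """\
07/24-10:15:01.123456  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.1.1.5 -> 10.1.1.17
07/24-10:15:01.223456  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.1.1.5 -> 10.1.1.17
07/24-10:15:02.001000  [**] [1:408:5] ICMP Echo Reply [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.1.1.17 -> 10.1.1.5
07/24-10:16:40.500000  [**] [1:2003:8] SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] {UDP} 192.0.2.44:1434 -> 10.1.1.17:1434
this line is not an alert and should be skipped
"""

def parse_alert(line):
    """Return a dict of alert fields, or None if the line is not in alert_fast format."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    fields["prio"] = int(fields["prio"])
    return fields

def summarise(text):
    """Count alerts per signature and per source IP, and collect priority 1-2 alerts."""
    parsed = [a for a in (parse_alert(l) for l in text.splitlines()) if a]
    by_sig = Counter(a["msg"] for a in parsed)
    by_src = Counter(a["src"] for a in parsed)
    high = [a for a in parsed if a["prio"] <= 2]   # lower number = more severe in Snort
    return {"total": len(parsed), "by_sig": by_sig, "by_src": by_src, "high": high}

if __name__ == "__main__":
    s = summarise(SAMPLE_ALERTS)
    print(s["total"], "alerts;", dict(s["by_sig"]))
    for a in s["high"]:
        print("PRIORITY", a["prio"], a["src"], "->", a["dst"], a["msg"])
```

Point `summarise` at the contents of "C:\Snort\log\snort-alerts.ids" (or wherever Snort's -l option puts it) to get the same summary for a real run.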

You might receive a lot of emails from your friends. In this tutorial we will learn how to verify that the email you received is actually from your friend and not a fake email. Attackers can easily send fake email using websites such as "emkei.cz".

Steps:
1. Select an email that you want to trace.
2. Get its full headers. For example in GMail you need to click "More" options button next to "reply" button and select "Show original" option.
3. Copy all headers from top till the To field.
4. Open "http://whatismyipaddress.com/trace-email" and paste the headers into the headers text area.
5. Click on the "Get Source" button to get the IP address of the source.
6. You can use a WhoIs service (http://whois.net/) to get more information about the IP address. Copy and paste the IP address found in step 5 and click on the "Go" button to get more information about the source of the IP address.
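The trace-email form in steps 4 and 5 works by reading the Received headers, which each mail server prepends as the message passes through. The script below is an added example, not part of the original post, that does the same offline: it pulls the logged IP from each Received header and picks the oldest routable one. The message is constructed from documentation addresses, not a real email.

```python
"""Find the originating IP of an email from its Received headers.

Added example, not from the original post. RAW_MESSAGE is constructed
(documentation addresses only); it is not a real email.
"""
import re
from email import message_from_string
from ipaddress import ip_address, ip_network

# Each server prepends its own Received header, so the top one is the most
# recent hop and the bottom one the oldest.
RAW_MESSAGE = """\
Received: from relay.example.net (relay.example.net [192.0.2.10])
    by mx.example.com with ESMTP id abc123
    for <bob@example.com>; Thu, 08 Aug 2013 10:00:02 +0000
Received: from [203.0.113.77] (unknown [203.0.113.77])
    by relay.example.net with ESMTPA id def456; Thu, 08 Aug 2013 09:59:58 +0000
Received: from alicepc (alicepc [192.168.1.20])
    by 203.0.113.77 with SMTP; Thu, 08 Aug 2013 09:59:50 +0000
From: "Alice" <alice@example.org>
To: bob@example.com
Subject: hello

body text
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# LAN and loopback ranges cannot be the public source of the message.
NON_ROUTABLE = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def received_ips(raw):
    """Return the bracketed IP logged in each Received header, newest hop first."""
    msg = message_from_string(raw)
    ips = []
    for hdr in msg.get_all("Received", []):
        m = IP_RE.search(" ".join(hdr.split()))   # unfold, then take the address the receiver recorded
        if m:
            ips.append(m.group(1))
    return ips

def origin_ip(raw):
    """Oldest hop with a routable address, which is what the trace sites report.
    Only the header written by our own mail server is trustworthy; the sender can
    fabricate any older Received line, so treat the result as evidence, not proof."""
    for ip in reversed(received_ips(raw)):
        if not any(ip_address(ip) in net for net in NON_ROUTABLE):
            return ip
    return None

if __name__ == "__main__":
    print(received_ips(RAW_MESSAGE))   # ['192.0.2.10', '203.0.113.77', '192.168.1.20']
    print(origin_ip(RAW_MESSAGE))      # 203.0.113.77
```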

Friday, July 19, 2013

The NSE Documentation Portal [http://nmap.org/nsedoc/] provides a detailed guide on nmap script usage.
Using nmap scripts we can perform vulnerability assessments.
In this tutorial I will show a few examples of nmap scripts.
1. The "smb-check-vulns" script checks a Windows host for RPC vulnerabilities. It checks for:
MS08-067, a Windows RPC vulnerability
Conficker, an infection by the Conficker worm
Unnamed regsvc DoS, a denial-of-service vulnerability I accidentally found in Windows 2000

Host script results:
| smb-check-vulns:
|   MS08-067: NOT VULNERABLE
|   Conficker: Likely CLEAN
|   regsvc DoS: regsvc DoS: NOT VULNERABLE
|   SMBv2 DoS (CVE-2009-3103): NOT VULNERABLE
|   MS06-025: NO SERVICE (the Ras RPC service is inactive)
|_  MS07-029: NO SERVICE (the Dns Server RPC service is inactive)

# vi .hg/patches/firstpatch to see the result
# print the current patch to the screen
hg qdiff

# make some more changes
vi filename

# see the differences not yet stored in the patch
hg diff

# update the patch
hg qrefresh

# Look at the patches you have applied
hg qapplied

# Look at all the patches in the queue
hg qseries

# remove the top patch
hg qpop

# apply the patch again
hg qpush

# remove all patches
hg qpop -a

# apply all patches
hg qpush -a

# Output all applied patches as a single patch
hg diff -r qparent:qtip

# update the commit message on a patch
hg qrefresh -m "New Message"

# Convert all applied patches into permanent changesets
hg qfinish -a

Patch to Upload on Bugzilla:
It is available in the following folder location:
/your_repository_folder/.hg/patches/
Or you can also use the following command to generate a patch to upload:
hg export qtip > path_to_temp_patches/patchFileName.patch

Tuesday, February 5, 2013

Even when a fresh installation of Ubuntu 12.04 LTS completes successfully, it might fail to install grub correctly on the system. In such a situation you can install grub by following these steps from a LiveCD or bootable installation disk.

Boot from the LiveCD, open a terminal and run the following commands to note down the drive and partition number on which Ubuntu is installed.